Uchaguzi Support

Privacy and Security Guidelines

Overview

The privacy and security of the public, our partners, and our team members is of the utmost importance to the Uchaguzi team and to Ushahidi.

As such, we have developed these guidelines for our core team to include as part of the training of all volunteers, across all levels and responsibilities. This page is an introduction to our security goals, recommendations, and general requirements for all volunteers.

Uchaguzi Access and Training for all team members

In addition, each team member working with data submitted to the Uchaguzi platform requires training and scheduled times for their assigned tasks. According to their assigned tasks, each member will have a set access level.Angela Lungati from Ushahidi is managing these access levels.

While anyone can create an account to have a "member" status, they will only be able to view their reports submitted. All other Uchaguzi access tiered will have various levels of permissions pertinent to their assigned tasks. Only the Admins, Verification, and Publishing team members will have the right to publish posts that can be viewed by the public at https://uchaguzi.or.ke.

Have I contacted the emergency desk of my team lead?

Should the item be posted or removed?

Should certain partners also be contacted?

Are there any URLs in the report? Are these reports suspicious? Should they be removed?

Is there any code / HTML in the report? This should be removed.

Tips from the Uchaguzi 2010 Case Study

on Security & Privacy:

"The ability to create questionnaires gets people to start thinking about the security that I think needs to be a standard set of questions that people ask for in any installation at all. While the issues of information security, privacy and the possibility of retribution for sharing information was not a major issue in the Uchaguzi&dash; Kenya project; it may play a very large role in other election monitoring projects that use Ushahidi or Crowdmap. Risks to people systems and organizations are constantly evolving approaches to security privacy will need to be regularly evaluated."

A security and privacy review should begin with:

A discussion of potential risks to the crowd and organizations if they use the platform

Plans on how to keep technology hardware (e.g., servers) safe and secure

Plans for how volunteers and others should be trained to keep information private and secure, if necessary